Moonjack - Smart Contract Audit Report

Summary

Moonjack Audit Report Moonjack is a new Defi token on the Binance Smart Chain with the objective of sending their mascot, a flapjack octopus, to the moon by use of an autonomous yield and liquidity generating protocol.

We audited Moonjack's token contract contract at 0x44f3f45ea10ce427cd69f95073942c5632422def on the Binance Smart Chain mainnet.

Overview of the Contract:
  • The total supply of the token is set to one quadrillion.
  • No mint or burn functions are present; though the circulating supply can be reduced by sending tokens to the 0x..dead address, if desired.
  • As of the date of this report, roughly 30% of the token's supply has been sent to the 0xdead address.
  • At the time of writing this report, about 20% of the total supply is in liquidity
  • 88% of that liquidity is locked in an unverified contract.
  • 12% of liquidity is permanently locked in the token contract.
  • 5% of the supply is locked with BSCrypt, however, that same 5% is currently unlocked as the locked duration has passed. We recommend that the team relocks these tokens.
  • The team holds 5% of the supply unlocked in a team wallet.
  • The next largest holder has 2.5% of the total supply.

  • Moonjack's code implements and builds upon the fee-redistribution features pioneered by Reflect Finance.
  • Users who hold tokens will automatically receive a portion the fees from a transaction tax on each transfer.
  • A portion of the fee charged on transactions is stored in the contract and, once a threshold value is met, used to fund PancakeSwap liqudity.
  • Liquidity-adds are funded by selling half of the tokens collected as fees, pairing the received BNB with the token, and adding it as liquidity to the BNB pair.
  • The LP tokens received from this process will be permanently locked in the contract.

  • The owner of the contract can exclude and include users from transfer fees, update the maximum transaction amount, update the fee percentages to any amount at any time.
  • Some functions could have been declared external instead of public to save some gas, but as this is already deployed this is merely informational.
  • The contract utilizes SafeMath libraries to prevent overflows along with following the BEP20 standard.

Audit Findings Summary
  • No security issues were identified in our analysis.
  • Further, ensure trust in the team as they have substantial control in the ecosystem. We advise that the team renounces ownership.
  • Date: June 2nd, 2021

Vulnerability CategoryNotesResult
Arbitrary Storage WriteN/APASS
Arbitrary JumpN/APASS
Delegate Call to Untrusted ContractN/APASS
Dependence on Predictable VariablesN/APASS
Deprecated OpcodesN/APASS
Ether ThiefN/APASS
ExceptionsN/APASS
External CallsN/APASS
Flash LoansN/APASS
Integer Over/UnderflowN/APASS
Multiple SendsN/APASS
OraclesN/APASS
SuicideN/APASS
State Change External CallsN/APass
Unchecked RetvalN/APASS
User Supplied AssertionN/APASS
Critical Solidity CompilerN/APASS
Overall Contract Safety PASS

BEP20 Token Graph

Multi-file Token

												
($) = payable function
 # = non-constant function

 +  Context 
    - [Int] _msgSender
    - [Int] _msgData

 + [Int] IERC20 
    - [Ext] totalSupply
    - [Ext] balanceOf
    - [Ext] transfer #
    - [Ext] allowance
    - [Ext] approve #
    - [Ext] transferFrom #

 + [Lib] SafeMath 
    - [Int] add
    - [Int] sub
    - [Int] sub
    - [Int] mul
    - [Int] div
    - [Int] div
    - [Int] mod
    - [Int] mod

 + [Lib] Address 
    - [Int] isContract
    - [Int] sendValue #
    - [Int] functionCall #
    - [Int] functionCall #
    - [Int] functionCallWithValue #
    - [Int] functionCallWithValue #
    - [Prv] _functionCallWithValue #

 +  Ownable (Context)
    - [Int]  #
    - [Pub] owner
    - [Pub] renounceOwnership #
       - modifiers: onlyOwner
    - [Pub] transferOwnership #
       - modifiers: onlyOwner

 + [Int] IUniswapV2Factory 
    - [Ext] createPair #

 + [Int] IUniswapV2Pair 
    - [Ext] sync #

 + [Int] IUniswapV2Router01 
    - [Ext] factory
    - [Ext] WETH
    - [Ext] addLiquidity #
    - [Ext] addLiquidityETH ($)

 + [Int] IUniswapV2Router02 (IUniswapV2Router01)
    - [Ext] removeLiquidityETHSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForETHSupportingFeeOnTransferTokens #
    - [Ext] swapExactTokensForTokensSupportingFeeOnTransferTokens #
    - [Ext] swapExactETHForTokensSupportingFeeOnTransferTokens ($)

 +  Moonjack (Context, IERC20, Ownable)
    - [Pub]  #
    - [Pub] name
    - [Pub] symbol
    - [Pub] decimals
    - [Pub] totalSupply
    - [Pub] balanceOf
    - [Pub] transfer #
    - [Pub] allowance
    - [Pub] approve #
    - [Pub] transferFrom #
    - [Pub] increaseAllowance #
    - [Pub] decreaseAllowance #
    - [Pub] isExcluded
    - [Pub] reflectionFromToken
    - [Pub] tokenFromReflection
    - [Ext] excludeAccount #
       - modifiers: onlyOwner
    - [Ext] includeAccount #
       - modifiers: onlyOwner
    - [Prv] _approve #
    - [Prv] _transfer #
    - [Prv] collectFee #
    - [Prv] _getReflectionRate
    - [Prv] swapAndLiquify #
       - modifiers: lockTheSwap
    - [Prv] swapTokensForEth #
    - [Prv] addLiquidity #
    - [Ext] setTaxless #
       - modifiers: onlyOwner
    - [Ext] setSwapAndLiquifyEnabled #
       - modifiers: onlyOwner
    - [Ext] setFeeActive #
       - modifiers: onlyOwner
    - [Ext] setTaxFee #
       - modifiers: onlyOwner
    - [Ext] setLiquidityFee #
       - modifiers: onlyOwner
    - [Ext] setMaxTxAmount #
       - modifiers: onlyOwner
    - [Ext] setMinTokensBeforeSwap #
       - modifiers: onlyOwner
    - [Ext]  ($) ($) = payable function
 # = non-constant function